Security audit
Feishu Media Delivery
Security checks across malware telemetry and agentic risk
Overview
This skill is a straightforward Feishu/Lark media sender that uses disclosed credentials and user-supplied files to deliver images or videos.
Install only if you want agents to send generated images or videos through your Feishu app. Protect the app secret, keep Feishu app permissions scoped narrowly, use the lockfile for dependency installation, and verify the recipient open_id and file path before running the scripts.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
60/60 vendors flagged this skill as clean.